Home Technology With macOS 12.1, Apple plugged a “Powerdir” flaw spotted by Microsoft

With macOS 12.1, Apple plugged a “Powerdir” flaw spotted by Microsoft

37
0

Microsoft has identified a security flaw in macOS which was corrected by Apple with macOS 12.1 (released in release mid-December). The vulnerability, dubbed “Powerdir”, allowed a villain to bypass protections in the technology of transparency, consent and control (TCC) of the operating system, introduced in 2012 with OS X Mountain Lion.

The Privacy panel of macOS preferences is the TCC interface.

TCC was developed to help users configure permission settings for macOS software (access to webcam, microphone, location data). Apple has built in a mechanism that prevents the execution of arbitrary code, and has reinforced this policy by restricting TCC access to only apps with full disk access.

However, Microsoft security researchers have pinpointed a flaw that allows malicious data to be injected into the TCC database, which stores software queries. In this way, a robber is able to orchestrate an attack based on the user’s personal data. A hacker could thus access the microphone to record private conversations, or take screenshots of sensitive information.

The vulnerability, identified CVE-2021-30970, was therefore plugged with macOS 12.1, which we can only recommend to install quickly.

Previous articleCryptocurrency miners in Norton 360 and Avira
Next articleA good part of iCloud is stranded